How to Add an Insecure Registry Entry in Docker

While securing your registry using a Transport Layer Security (TLS) certificate issued by a known Certificate Authority (CA) is highly recommended, we can choose to use our insecure registry over an unencrypted Hypertext Transfer Protocol (HTTP) connection. This article will discuss how to add insecure registries in Docker.

Add an Insecure Registry Entry in Docker

This process sets up Docker to completely disregard registry security. Therefore, it is not advised to introduce vulnerable registry entries to Docker.

Your registry is vulnerable to simple man-in-the-middle (MITM) attacks. Use this solution exclusively for solitary testing or in an area that is strictly regulated and airtight.

Edit the daemon.json file on the following locations:

1. Linux: /etc/docker/daemon.json
2. Windows: C:\ProgramData\docker\config\daemon.json

Whether we are using Docker Desktop for Mac or Docker Desktop for Windows, we should click the Docker icon, select Preferences for Mac or Settings for Windows, and then select Docker Engine.

We can create the daemon.json file inside the directory if it doesn’t already exist. The file should contain the following mandatory information if no additional settings are present.

{
    "insecure-registries" : [ "hostname.cloudapp.net:5000" ]
}

Replace the example address with the one for the container of your insecure registry.

For testing via HTTPS with insecure registries enabled, Docker follows these steps:

1. If HTTPS is available, but the certificate is invalid, ignore the error about the certificate.
2. If HTTPS is not available, use HTTP.

Restart the Docker container for the changes to take effect.

Keep in mind that simply following these procedures, basic authentication makes it impossible to access an unsecured registry. Therefore, every container engine host that tries to access your registry must go through the above steps again.